Privacy management system

Privacy Information Management System 

(ISO 27701)



Consumers are demanding greater transparency from businesses about the data they collect – and regulators are taking action. Certification to ISO 27701 assures stakeholders that your organization takes data privacy seriously.

In today’s increasingly connected world, consumers generate massive volumes of data each day. Concern is mounting, however, over how companies capture, use and protect this data. In response to public pressure, governments around the world are implementing ambitious regulations to ensure the privacy and security of private information. These include, but are not limited to, the European Union’s General Data Protection Regulation (GDPR), Brazil’s General Data Protection Law (LGPD) and California’s California Consumer Privacy Act (CCPA).

To help organizations manage personal data in line with consumer expectations and in compliance with rapidly tightening regulatory requirements, Bureau Veritas offers ISO 27701 certification and training. Implementing an ISO 27701 Privacy Information Management System (PIMS) enables you to meet the highest standards of responsibility and transparency in the processing of personal information.

Key benefits

  • Safeguard your reputation

    by protecting consumers’ personal information.

  • Target compliance

    with data protection regulations.

  • Identify and mitigate risk

    by implementing rigorous privacy controls.

  • Inspire stakeholder trust

    by putting data protection at the heart of your business.

Demonstrate next-level data protection with ISO 27701

Certification to ISO 27701 enables you to take your Information Security Management System (ISMS) to the next level. An extension of ISO 27001, and its sister guidance standard ISO 27002, ISO 27701 sets additional guidelines for how personally identifiable information (PII) should be managed and processed. Applicable to any organization that controls or processes personal data and has an ISO 27001 ISMS, an ISO 27701 PIMS enables businesses of all sizes and sectors to take a comprehensive, risk-based approach to data protection.

Target compliance with regulatory requirements

The controls and principles set out in ISO 27701 align with the principles laid out in recent data protection legislation around the world. Implementing an ISO 27701 Privacy Information Management System assists organizations in demonstrating their compliance with these and other regulatory regimes.

Build trust with internal and external stakeholders

ISO 27701 requires that an organization regularly produce documentation about how it handles personal data and protects against breaches. Transparency about your company’s data governance assures consumers, employees, investors, clients and governments that you take privacy seriously.

Tackling Data Privacy with ISO 27701

Data privacy is a major issue today. The quantity of data collected by businesses, combined with concerns over how it is used, have made governments aware of the need to protect consumers, resulting in stringent regulations such as the European General Data Protection Regulation (GDPR).

Download the white paper